microsim-matcher

Fail

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill connects to api.github.com and raw.githubusercontent.com to check for updates and download latest reference data. These operations target a well-known service and are part of the documented maintenance workflow in SKILL.md and check-version.py.
  • [COMMAND_EXECUTION]: The workflow in SKILL.md (Step 0) utilizes shell commands including curl, stat, and grep to manage versioning of the local reference file. These commands are used for metadata comparison and do not involve direct execution of remote payloads.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes user-provided diagram specifications in SKILL.md (Step 1). The instructions lack explicit boundary markers or sanitization for this data before it is used to calculate generator scores, creating a surface where malicious specifications could attempt to bias the results.
  • Ingestion points: Diagram specifications are read from user files or descriptions in SKILL.md (Step 1).
  • Boundary markers: No delimiters or 'ignore embedded instructions' warnings are present for the specification content.
  • Capability inventory: The skill can execute shell commands (curl, stat) and the check-version.py script has file-write capabilities.
  • Sanitization: There is no evidence of validation or filtering for the external specification content before analysis.
Recommendations
  • HIGH: Downloads and executes remote code from: https://api.github.com/repos/dmccreary/claude-skills/commits?path=skills/microsim-matcher/references/matching-criteria.md&page=1&per_page=1 - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 22, 2026, 07:19 PM
Security Audit — agent-trust-hub — microsim-matcher